From 2f468d575d2b6a8fa1efb85e54952d038c79aa98 Mon Sep 17 00:00:00 2001 From: Gallavardin Antoine Date: Tue, 29 Jun 2021 09:15:45 +0200 Subject: [PATCH 1/2] remove useless include --- lemonldap-ng-common/scripts/importMetadata | 1 - 1 file changed, 1 deletion(-) diff --git a/lemonldap-ng-common/scripts/importMetadata b/lemonldap-ng-common/scripts/importMetadata index d645be247d..fdd3452301 100644 --- a/lemonldap-ng-common/scripts/importMetadata +++ b/lemonldap-ng-common/scripts/importMetadata @@ -6,7 +6,6 @@ use Lemonldap::NG::Common::Conf; use LWP::UserAgent; use MIME::Base64; use XML::LibXML; -use Data::Dumper qw(Dumper); sub toEntityIDkey { -- GitLab From e8e9416a00624c574ff800a5690035d593e29913 Mon Sep 17 00:00:00 2001 From: Gallavardin Antoine Date: Tue, 29 Jun 2021 10:20:15 +0200 Subject: [PATCH 2/2] improve documentation about importMetada script options --- doc/sources/admin/renater.rst | 51 +++++++++++++++++++++++++++++++++++ 1 file changed, 51 insertions(+) diff --git a/doc/sources/admin/renater.rst b/doc/sources/admin/renater.rst index 6ca8e0889f..415a985eb6 100644 --- a/doc/sources/admin/renater.rst +++ b/doc/sources/admin/renater.rst 
@@ -92,6 +92,57 @@ Then run the script: /usr/share/lemonldap-ng/bin/importMetadataRenater -m https://metadata.federation.renater.fr/renater/main/main-idps-renater-metadata.xml -r -i "idp-renater-" -s "sp-renater-" +The script provide the following options + + * -c (--certificate) : URL of certificate, to check metadata document signature + * -i (--idpconfprefix) : Prefix used to set IDP configuration key + * -h (--help) : print this message + * -m (--metadata : URL of metadata document + * -s (--spconfprefix): Prefix used to set SP configuration key + * -w (--warning): print debug messages + * -bs (--blocklistsp): list of SP entityID to avoid to modify/import + * -bi (--blocklistip): list of IdP entityID to avoid to modify/import + * -n (--nagios) : output only metrics nagios compatible + * -d (--dryrun): do nothing + * -v (--verbose) : display all actions + * -r (--remove) : remove entityID inside LemonLDAP if was remove inside remote metadata + + +Example : +:: + + /usr/libexec/lemonldap-ng/bin/importMetadata -m https://pub.federation.renater.fr/metadata/renater/main/main-sps-renater-metadata.xml -s "sp-fed-prd" -c https://pub.federation.renater.fr/metadata/certs/renater-metadata-signing-cert-2016.pem -bs https://test-sp.federation.renater.fr -r -v -d + +This command will + * fetch all SPs metadata from renater + * set a prefix to entity stored inside LemonLdap::NG + * disable local modification of SP https://test-sp.federation.renater.fr + * remove local SPs wich didn't exist anymore in Federation metadata + * show only all modifications to apply + +The output is the following : + + .. code-block:: + + ... 
+ Update SP https://www-iuem.univ-brest.fr/sp in configuration + Attribute mail (urn:oid:0.9.2342.19200300.100.1.3) requested by SP https://gesper.ad.bnu.fr/shibboleth + Attribute eduPersonPrimaryAffiliation (urn:oid:1.3.6.1.4.1.5923.1.1.1.5) requested by SP https://gesper.ad.bnu.fr/shibboleth + Attribute eduPersonPrincipalName (urn:oid:1.3.6.1.4.1.5923.1.1.1.6) requested by SP https://gesper.ad.bnu.fr/shibboleth + Attribute displayName (urn:oid:2.16.840.1.113730.3.1.241) requested by SP https://gesper.ad.bnu.fr/shibboleth + Update SP https://gesper.ad.bnu.fr/shibboleth in configuration + [INFO] Dry-run mod no EntityID inserted + [IDP] Found: 0 Updated: 0 Created: 0 Removed: 0 Rejected: 0 Ignored: 0 + [SP] Found: 1248 Updated: 1240 Created: 0 Removed: 0 Rejected: 7 Ignored: 1 + + +With "-n" options you could get a "nagios like" output with metrics : + + .. code-block:: + + /usr/libexec/lemonldap-ng/bin/importMetadataFedRenater -m https://pub.federation.renater.fr/metadata/renater/main/main-sps-renater-metadata.xml -s "sp-fed-prd" -c https://pub.federation.renater.fr/metadata/certs/renater-metadata-signing-cert-2016.pem -bs https://test-sp.federation.renater.fr -r -d -n + Metadata loaded inside Conf: [DRY-RUN]|idp_found=0, idp_updated=0, idp_created=0, idp_removed=0, idp_rejected=0, idp_ignored=0, sp_found=1248, sp_updated=1240, sp_created=0, sp_removed=0, sp_rejected=7, sp_ignored=1 + .. attention:: -- GitLab
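Review bot: In the first patch (removal of `use Data::Dumper qw(Dumper);` from lemonldap-ng-common/scripts/importMetadata), the hunk only shows the import line being dropped, so a reviewer cannot tell from this context whether any `Dumper(...)` calls remain further down the script; `use strict` does not catch a call to an unimported sub with parentheses, so a leftover call would only fail at runtime ("Undefined subroutine &main::Dumper") on the code path that reaches it, typically the `-w`/`--warning` debug path. Please confirm with a grep for `Dumper` across the script before merging, and mention in the commit message that no call sites remain.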
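Review bot: In the second patch (doc/sources/admin/renater.rst), the section now refers to three different script names and two install paths for the same tool: `/usr/share/lemonldap-ng/bin/importMetadataRenater` in the existing context line, `/usr/libexec/lemonldap-ng/bin/importMetadata` in the new example, and `/usr/libexec/lemonldap-ng/bin/importMetadataFedRenater` in the nagios example; pick the name that matches the installed script and use it consistently. The option list should also state what happens when `-c (--certificate)` is omitted, since the existing example above runs without it and an operator needs to know whether the metadata signature is then skipped rather than verified; "-d (--dryrun): do nothing" would be clearer as "compute and report changes without writing the configuration", which is what the sample output shows. Smaller fixes in the added lines: "The script provide" should be "The script provides", "-m (--metadata :" is missing its closing parenthesis, "wich" should be "which", "-bi (--blocklistip)" reads as an IP list while the description says IdP entityIDs, so double-check the long option name against the script's Getopt definition, and the two `.. code-block::` directives have no language argument and are indented one space deeper than the surrounding text; `.. code-block:: text` at column zero (or a plain `::` literal block, as already used for the Example) will render reliably.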